Preventing financial crimes

When Kweku Adoboli made  unauthorized trades that led to a $2.3 billion loss for UBS in September 2011, shock waves rippled through the boardrooms of financial services companies worldwide. Such a staggering setback on the heels of the financial crisis dealt a severe blow to UBS’s reputation, triggering the resignation of its CEO, Oswald Grübel. Was this a sign that many of the unethical business practices that helped cause the 2008 financial crisis were manifesting themselves again?

After all, in 2008, rogue trader Jerome Kerviel lost a whopping €4.9 billion ($x.x billion) at Société Générale through a series of fraudulent deals. But it’s not just rogue traders that boardrooms are concerned about. Embezzlement, fraud and money laundering can equally damage a company’s reputation and its bottom line. How many other rogue employees are out there committing financial crimes, and exactly whose responsibility is it to make sure that transgressions like these don’t turn into an epidemic?

A September 2011 survey of 600 compliance and anti-money-laundering staff conducted by Dow Jones Risk & Compliance and the Association of Certified Anti-Money Laundering Specialists (ACAMS) underscores the pressures that compliance departments face trying to prevent fraud and money laundering.

According to the survey, 55 percent identified additional regulations and increased enforcement as a key challenge that needed to be met in the coming year, more than 60 percent identified recruiting and training staff as key issues, and more than 40 percent of anti-money-laundering teams were burdened by increased workloads stemming from expansion into new markets.

Rupert de Ruig, managing director of Dow Jones Risk & Compliance, says his survey reveals conflicting information. Over 75 percent of senior managers focus on preventing money laundering and other illegal actions, yet 38 percent of them said compliance departments were understaffed. At a time when banks are under increasing financial pressure to raise capital and trim costs – a trend epitomized by Bank of America’s cutting of 30,000 jobs (10 percent of its staff) – firms are reducing non-revenue-generating areas such as compliance, audit and risk management. When compliance and anti-money-laundering staff are overburdened, undertrained and stretched thin, it creates a climate where lawbreaking and rogue trading can flourish.

Risk cultures can lead to fraud

To a considerable extent, the losses at companies such as UBS and Société Générale stem from the ‘risk culture’ established at these firms, explains John Hull, who teaches risk management at the University of Toronto’s Rotman School of Management.

‘There’s a tendency to turn a blind eye when someone’s making a profit and taking a risk,’ he says. If trading turns into a loss, the culture encourages taking more risks to recoup the money, resulting in a downward spiral, like a gambler in Vegas doubling on his bets. ‘The person is encouraged to double up and eventually a disaster happens,’ Hull says. ‘It’s about the ability to set risk limits.’

Furthermore, the two rogue traders at UBS and Société Générale were insiders who knew how to circumvent internal controls. ‘Both these traders had back office experience,’ Hull says. ‘They knew when internal checks were carried out.’ Hull says board members have told him that ‘directors can’t possibly understand the complex financial transactions’ these traders engage in.

But he insists that boards at financial service firms must choose directors with complex financial know-how, just like insurance companies should select directors who understand underwriting. Board members don’t need to micromanage traders or visit trading floors, but they must be equipped to know ‘the right questions to ask and the key aspects of a risk culture’. Directors must be cognizant and aware of what inside traders do to circumvent rules so that they can ask pointed questions of the audit committee head presenting risk management data.

Determining what went wrong at UBS is a very complex, multifaceted issue, suggests Frances McLeod, a partner at Rhode Islandbased consulting firm Forensic Risk Alliance. She says frauds happened at these firms because ‘controls were more theoretical than actual’, technology systems weren’t integrating trades with compliance programs, and little attention was paid to personnel issues triggered by back office staff moving into trading positions.

Preventing fraud requires ‘programs designed to work,staff trained to assess and evaluate the output, and creating a compliance culture,’ she says. Rewarding ethical behavior by tying bonuses to managers and staff following the rules can also play a role.

In fact, McLeod says Goldman Sachs, which has been maligned for its role in making money off customers it misled in the subprime mortgage debacle, has been playing a leadership role in compliance. Goldman ‘treats prevention as an integral part of how it controls risk and bridges the divide between the profit center and cost center,’ she says. Asked to elaborate, a Goldman Sachs spokesperson declined to answer any questions.

Maintaining your reputation

When these scandals occur, the loss to a firm transcends dollars and cents. Reputation risk is a major liability, notes John Byrne pictured right, an executive vice president at ACAMS. Firms may not lose business on a day-to-day basis, but the negative publicity can erode consumer confidence in the organization. Moreover, regulatory agencies increase their oversight and provide more resources to cover firms that have been penalized.

In some cases these illegal practices lead to more severe consequences, such as the money-laundering debacle that caused Riggs Bank’s demise in 2005. The failure of Riggs Bank, along with other recent trading fiascos, sends a powerful message to boards that risk management must be made a priority. Byrne says Riggs Bank ‘didn’t have strong policies and procedures and didn’t provide up-to-date staff training’, and it paid the price for its indifference. The message to boards is that ‘banks can’t police themselves,’ Byrne concludes. Moreover, the breadth of experience needed to prevent these crimes is intensifying, covering cyber-security, global corrupt practices and new anti-moneylaundering schemes.

Banks must file suspicious activity reports to the Financial Crimes Enforcement Network, and internal auditors are required to notify federal agencies when major controls at a bank aren’t working or serving as a deterrent. However, William Kowalski, who spent 25 years with the FBI and is now director of corporate investigations at Rehmann Corporate Investigative Services, says most federal agencies ‘investigate current crimes and use the punishment as a deterrent; they’re not in the prevention business.’

One deterrent that the FBI has stepped up is holding individual executives criminally responsible for a company’s wrongdoing. When Latin Node, a Miamibased telecommunications company, was found guilty of bribing Honduran officials and defying the Foreign Corrupt Practices Act in May 2011, its CEO and three other executives faced up to five years in prison and fines of $250,000.

Assistant Attorney General Lanny Breuer has said that ‘CEOs and other corporate executives should know that violating the Foreign Corrupt Practices Act will lead to criminal prosecution.’Kowalski says that everyone involved in identifying a firm’s controls – internal auditors, external auditors, the CFO, compliance staff – should collaborate with federal agencies to minimize the chances of financial crimes happening.

Increasingly he sees CFOs playing a major role in preventing malfeasance, but audit teams need to remain independent from CFOs to maintain their autonomy. Most firms employ early detection software programs that provide notification of impending fraud or money laundering, but experts note that these systems are only as good as the staff overseeing them. ‘The key is that an official must take action to investigate once a risk is identified,’ Kowalski says. Furthermore, thieves and rogue traders operate like bank robbers, always exploiting the latest hole or weakness in the system; staying one step ahead can help expose them.

Reducing crime risks

If a rogue trader is intent on stealing or committing fraud, it is difficult to prevent the crime from happening. ‘The frauds we’ve seen might not have been prevented, but they could have been recognized earlier,’ Kowalski, pictured left, says. That’s why risk assessments are made, weaknesses are highlighted and stringent controls are implemented. Cutbacks at financial firms are raising red flags and creating an atmosphere conducive to committing fraud. ‘We see fraud happen most often because of a lack of segregation of duties,’ Kowalski says. As banks cut back on staff and have only one person in charge of overseeing trades, internal controls diminish and the chances of fraud increase.

Corporate secretaries can play a role in setting the agenda of boards and helping them to focus on highrisk areas for potential fraud. Corporate secretaries need to be well-versed in regulations, should know by geography where the highest risks are, and should know whether products and services are being sold by the firm directly or through intermediaries, de Ruig says.

In most cases where fraud has taken place at a firm, Kowalski says boards had become a ‘rubber stamp’ for the CEO’s or CFO’s recommendations. In order to deter fraud, board members must take a leadership role in providing oversight, ask the right follow-up questions and take a more skeptical approach to unearth the underlying risk factors that can cause financial and reputation loss.

Kowalski suggests that boards establish open communication with lower-level employees involved in controls who can point out the gaps and weaknesses or serve as whistleblowers if major crimes are being committed. He also recommends that firms create an intermediary, such as an HR director or compliance leader, who can serve as a focal point for information, either anonymous or attributable. Inquiries must be handled with diplomacy, tact and confidentiality to keep the pipeline of information open. ‘Once an employee makes a suggestion and gets shot down, they’ll never make one again,’ Kowalski notes.

Too often, boards ‘simply never get involved in creating effective anti-fraud systems,’ says William Blake, a professor of law at the University of Missouri–Kansas City and former executive director of the Institute for Fraud Prevention. He says most boards don’t view the prevention of fraud as a high priority. Blake says the majority of companies are worried about taking away the drive and gumption of traders.

Traders are invariably extremely aggressive, opportunistic risk-takers, and putting in excessive controls could inhibit their ability to make money and keep revenues flowing. ‘Companies don’t want to stop traders from being ultra-aggressive, and ultimately they absorb the losses,’ he says. ‘By far the leading cause of losses to a firm is internal fraud,’ Blake continues, adding that too many board members are beholden to the CEO, take cues from the CEO and fail to perform independent investigations into risk management.

Ironically, financial fraud is one of the main factors that can lead to a CEO’s demise. A stronger board, containing some members who possess fraud expertise and have an independent, investigative streak, would strengthen the CEO and the company and thereby help to prevent many types of financial crimes.